The SAM Club’s 6th Azure User Group meeting was kindly held at Neon Underwriters, a long-term client of ours based in London. The topic for this meeting was about a customer’s journey migrating to Azure. The SAM Club also presented on some of the licensing considerations that firms need to consider when planning their Azure migration.
Azure Licensing
Ian Nicholls from The SAM Club kicked the event off with a presentation on Azure licensing, discussing how Windows Server on premise licenses with SA (Software Assurance) can be used within Azure via the Hybrid Use Benefit. Emphasis was placed on the planning phase when considering moving to Azure and the importance of licensing.
Microsoft use the ‘Group of 8 Rule’ which refers to the number of cores, so a VM (virtual machine) must be licensed for 8 cores minimum. If a Windows Server Standard license for 16 Cores is used within Azure under Hybrid Use Rights, this can be used for a max 2 VM’s (2 x 8 Cores) based on the specification of the VM. The rule for a Standard license is that it can be used for an on-premise server or in Azure but not both. But you get 180 days of concurrent use rights whilst migrating servers.
This rule also applies to Windows Server Datacenter (DC) which seems strange as DC is for unlimited VM’s within a host server on premise. But within Azure there is no concept of a host server. A Datacenter license can be used both on premise & in Azure – based on the Group of 8 rule. So, a 16 Core DC license can be used for a max of 2 VM’s within Azure.
You can also stack licenses so by adding more cores, you can run a VM for 16, 24, 32 cores etc. Savings of up to 40% on VM’s can be seen when using the Azure Hybrid Use benefit.
SQL licensing
The Azure Hybrid Use Rights for SQL Server within Azure only applies to the per core licensing model for SQL Server Standard and Enterprise per core licenses with SA.
SQL Server licenses on the server/CAL model are not applicable for Azure Hybrid Use Rights.
SQL Server Enterprise when used for General Purpose or Hyperscale Service Tiers are entitled to 4 cores for 1 core with SA owned and used. Business Critical or Azure Virtual Machines are only entitled to 1:1 core.
Each VM must be licensed for every core with a minimum of 4 cores per VM.
With migrating to Azure there is also 180 days of concurrent use rights to assist with the process.
BYOL – Bring your Own License
Where software licenses that are owned and used within Azure outside of the Hybrid Use Benefit, such as SQL Server on the Server/CAL model, a License Mobility Verification Form must be completed within 10 days and submitted via the LSP/Reseller.
Azure Dedicated Host
Azure Dedicated Host (DH) is a new service that is currently in preview from 1st August 2019 so has some limitations.
Azure Hybrid User Rights can be used for a Windows Server Datacenter license being applied to the DH for all the cores. A DH can also be used for SQL Server with an Enterprise License also being applied based on the number of cores on the DH.
It is also possible to group DH together, like an on premise ESX farm for example.
The DH addresses compliance requirements by giving the ability to place Azure VMs on a specific & dedicated physical server with host level isolation – no third party VM’s will be placed on your hosts.
With Azure VM’s, Microsoft complete and apply maintenance to the VM’s as required. With Dedicated Host servers, you have the option to defer host maintenance for up to 35 days, thereby gaining full control over the sequence and velocity of the maintenance process. Most maintenance events have little or no impact on your VM’s. But there may be some sensitive workloads where every second of pause could have an impact. You can therefore opt in to a maintenance window for control and to reduce the impact on your service.
Existing Azure VM’s can be moved to Dedicated Hosts and it is our understanding that portal support for this will be available soon.
Pricing
- Charged per dedicated host – not VM
- No upfront costs
- Host price based on:
- VM series (Dsv3 & Esv3 – support for Fsv2 coming soon)
- Hardware Size
- Region
- Software Licensing, Storage & Network usage billed separately – no change compared to Azure VM’s
- No termination Fees
- Reserved Instance are not currently available during the preview phase.
Below are the current Dedicated Host options. It is worth noting, that with an on-premise server running VM’s there are no limitations on the number of VM’s.
With DH there is a limit based on the number of virtual CPUS available:
Updated License Terms:
On 1st October 2019, Microsoft updated their licensing terms for dedicated hosted cloud services.
Due to the emergence of dedicated hosted public cloud services, beginning 1st October 2019 on-premise licenses purchased without software assurance and mobility rights cannot be deployed within the following public cloud providers: Microsoft, Alibaba, Amazon (including VMware Cloud on AWS), and Google. They will be referred to as “Listed Providers.”
These changes don’t apply to other providers and there will be no change to the Services Provider License Agreement (SPLA) program or to the License Mobility for Software Assurance benefit, other than to expand this benefit to cover dedicated hosted cloud services.
Farrer & Co LLP: Journey to the Azure Cloud
Neil Davison IT Director at Farrer explained, signing an agreement with Net Documents in 2013/14 was Farrer’s first toe in the water with their journey to the cloud. Farrer were one of the first law firms to move their infrastructure to the cloud, which was considered due to aging technology during a review of their infrastructure. There were server room issues, cabling issues and technology nearing end of life, so a full replace was needed. Dell worked with Farrer on a review strategy roadmap so they could consider replacing their on-premise infrastructure, versus Private and Public Cloud options. When this was presented to the board it was clear that Public cloud offered the best solution.
Any security issues that the board raised were addressed by Microsoft’s trust center and they found this resource invaluable in helping convince the board to approve the project. In 2016 the project was approved, so Farrer set about finding the right partner to help them with help from Microsoft. After tendering to 4 partners, SystemsUp were chosen and they led Farrer through every aspect of the migration.
The planning phase took 14 months and their infrastructure was mapped so they could see what was in place and which systems linked to each other. From here a migration plan was formulated and as the integration between systems was crucial, the decision was taken to move everything to Azure at the same time.
Security
Microsoft offers a very high level of security, but it is still a shared responsibility. So, Farrer had to put a plan in place for security on servers and patching, mapping against CIS benchmarks – which is run by Microsoft and advises on measures to take to help improve your company’s security score.
A high-profile client did an audit at Farrer and security was a high concern all round, but Azure was not the concern, most questions were around the Net Documents software with Azure being a tick box exercise.
Farrer backfilled their infrastructure team and utilised SystemsUp to upskill the team so that they had in house knowledge once the project was completed.
Farrer have other security products in place aside from Microsoft’s; currently on the Microsoft M365 E3 plan they use products from Checkpoint and Tenable.io to complement their security and are considering moving to Microsoft M365 E5 next year.
Testing
Testing took thousands of hours and they had a team test the migration plan before it was executed live. Some of the systems were 20 plus years old so some latency was picked up. The decision was made to use the Amsterdam datacentre as this is one of the first locations to receive updates with London being the second datacentre location.
Changes did happen during the migration with updates from Microsoft coming through regularly in Azure, but SystemsUp understood Farrer’s environment and were able to adapt accordingly. A question was raised in the room about how this new adoption of technology is being received within the law firm. There is always resistance to change but that is the nature of the world we live in now and technology is becoming more of a competitive edge for law firms to have over the competition.
There is a testing group in place at Farrer who meet every 6 weeks to review changes and decisions made on which updates to implement.
Changes internally
The infrastructure team at Farrer have changed the way they work, and the team have reskilled using resources such as the Microsoft Enterprise Skills initiative for support and training. They are more focused on being proactive and looking at what’s coming; which makes them more agile and able to leverage new technologies such as AI.
Farrer see Azure as much more than a lift and shift and feel they have only touched the surface of what is possible in Azure. Re-platforming of systems is taking place now and considering other cloud services.
Since migrating their entire infrastructure to Azure and using Microsoft 365 Farrer have had 100% uptime.
Regarding Business continuity Farrer have completed fail over testing for a week with the London Datacenter being used during the DR (Disaster Recovery) period which ran as good as the live environment. Remote working is enabled through a Checkpoint VPN providing direct access with an always on VPN connection.
The next step for Farrer is a review of the infrastructure and costings, they have some servers on Reserved Instances (RI) now and they review them quarterly with SystemsUp.
Additional resources
Microsoft have a Fast Track Service team for Azure which is available based on eligibility.
Discussion on next topic and host
Ideas for the next meeting topic were:
- Azure Sentinel demo and security discussion
- Dictalogic demo (an alternative to BigHand)
The date and location are to be confirmed.
You can find blog articles from our previous events here:
Azure User Group meeting
Azure User Group meeting 2 Dev /Test
Azure User Group meeting 3 Security & Compliance
Azure AI Chatbots is the hype justified?
Microsoft Cloud Economics Assessment
